refactor(desudo): drop runtime root from docker_run, sqlite guards, restores

- docker_run: in rooted mode run docker AS the manager via the docker
  group (no sudo); the type=='sudo' branch was unreachable dead code
- 8 db helpers: fix 'command -v sudo sqlite3' guard to 'command -v
  sqlite3' (bodies already query via runInstallOp)
- restic/kopia single-file dump: write target_file via runBackupOp tee
  (as the backup user, matching the snapshot-restore path) instead of
  root tee
- adguard auth: root-owned scratch via runSystem mktemp

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
librelad 2026-05-24 18:03:36 +01:00
parent f13a5bc548
commit 21afae2eff
13 changed files with 18 additions and 19 deletions


@ -17,7 +17,7 @@ authAdapter_adguard_setPassword() {
[[ -z "$bcrypt" ]] && { isError "bcrypt failed."; return 1; }
local tmp
tmp=$(sudo mktemp)
tmp=$(runSystem mktemp)
if ! runSystem awk -v u="$user" -v pw="$bcrypt" '
/^users:/ { in_users=1; print; next }
in_users && /^[^[:space:]-]/ { in_users=0 }
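Review bot: The result of `runSystem mktemp` is not checked, so a failed call leaves `tmp` empty and the code after it would run with an empty path. The line could read `tmp=$(runSystem mktemp) || { isError "mktemp failed."; return 1; }`, matching the bcrypt guard above it. Because the scratch file is now root-owned and presumably receives the rewritten users block with the bcrypt hash, it is also worth confirming that every exit path after this point removes it through runSystem. authAdapter_adguard_setPassword continues past the end of the hunk, so that cleanup may already exist there.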


@ -40,7 +40,7 @@ kopiaDumpFile()
kopiaEnvExport "$idx" || return 1
# `kopia show` writes the file contents from a snapshot to stdout.
if [[ -n "$target_file" ]]; then
runBackupOp kopia show "${snapshot_id}:${file_path}" | sudo tee "$target_file" >/dev/null
runBackupOp kopia show "${snapshot_id}:${file_path}" | runBackupOp tee "$target_file" >/dev/null
else
runBackupOp kopia show "${snapshot_id}:${file_path}"
fi
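Review bot: The exit status of the `kopia show … | runBackupOp tee` pipeline is tee's alone unless `pipefail` is set somewhere outside this hunk, so a failed or interrupted `kopia show` still returns success and leaves a truncated `target_file`. On a restore path that should be an error: capture both stages immediately after the pipeline with `local st=("${PIPESTATUS[@]}")` and then `(( st[0] == 0 && st[1] == 0 )) || return 1`. The same pipeline shape is in resticDumpFile. With tee now running as the backup user, the restored file is also created under that user's ownership and umask, which is worth checking for files that hold secrets. kopiaDumpFile starts before the hunk.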


@ -10,7 +10,7 @@ resticDumpFile()
resticEnvExport "$idx" || return 1
if [[ -n "$target_file" ]]; then
runBackupOp restic dump "$snapshot_id" "$file_path" | sudo tee "$target_file" >/dev/null
runBackupOp restic dump "$snapshot_id" "$file_path" | runBackupOp tee "$target_file" >/dev/null
else
runBackupOp restic dump "$snapshot_id" "$file_path"
fi


@ -3,7 +3,7 @@
databaseAppScan()
{
# Check if sqlite3 is available
if ! command -v sudo sqlite3 &> /dev/null; then
if ! command -v sqlite3 &> /dev/null; then
isNotice "sqlite3 command not found. Make sure it's installed."
fi
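Review bot: The guard in databaseAppScan only prints a notice and closes with `fi`, so when sqlite3 is missing the function appears to carry on to its queries; adding `return 1` after the isNotice would stop it. This matters more after the fix, because the old two-name `command -v sudo sqlite3` succeeds in bash when either name is found and so rarely fired. The same notice-then-`fi` shape is visible in databaseListInstalledApps, databaseUninstallApp, databaseDisplayTables, databaseEmptyTable and databaseSSHScanForKeys. The guard also tests the caller's PATH, while the commit message says the queries run through runInstallOp, so the two could disagree if that helper runs as another user. The function bodies continue outside the hunks.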


@ -9,7 +9,7 @@ databaseListInstalledApp()
isNotice "App name is required. Usage: databaseListInstalledApp <app_name>"
else
# Check if sqlite3 is available
if ! command -v sudo sqlite3 &> /dev/null; then
if ! command -v sqlite3 &> /dev/null; then
isNotice "sqlite3 command not found. Make sure it's installed."
else
# Check if database file is available


@ -3,7 +3,7 @@
databaseListInstalledApps()
{
# Check if sqlite3 is available
if ! command -v sudo sqlite3 &> /dev/null; then
if ! command -v sqlite3 &> /dev/null; then
isNotice "sqlite3 command not found. Make sure it's installed."
fi


@ -5,7 +5,7 @@ databaseUninstallApp()
local app_name="$1"
# Check if sqlite3 is available
if ! command -v sudo sqlite3 &> /dev/null; then
if ! command -v sqlite3 &> /dev/null; then
isNotice "sqlite3 command not found. Make sure it's installed."
fi


@ -3,7 +3,7 @@
# Function to check if we should run the update
checkIfOSUpdateShouldRun()
{
if ! command -v sudo sqlite3 &> /dev/null; then
if ! command -v sqlite3 &> /dev/null; then
isNotice "sqlite3 command not found. Make sure it's installed."
elif [ ! -f "$docker_dir/$db_file" ]; then
isNotice "Database file not found: $docker_dir/$db_file"


@ -11,7 +11,7 @@ databaseDisplayTables()
while true; do
# Check if sqlite3 is available
if ! command -v sudo sqlite3 &> /dev/null; then
if ! command -v sqlite3 &> /dev/null; then
isNotice "sqlite3 command not found. Make sure it's installed."
fi


@ -6,7 +6,7 @@ databaseEmptyTable()
isHeader "Empty Database Table"
# Check if sqlite3 is available
if ! command -v sudo sqlite3 &> /dev/null; then
if ! command -v sqlite3 &> /dev/null; then
isNotice "sqlite3 command not found. Make sure it's installed."
fi


@ -19,7 +19,7 @@ dockerCheckAppInstalled()
package_status="not_installed"
fi
elif [ "$flag" = "docker" ]; then
if ! command -v sudo sqlite3 &> /dev/null; then
if ! command -v sqlite3 &> /dev/null; then
package_status="not_installed"
elif [ ! -f "$docker_dir/$db_file" ]; then
package_status="not_installed"


@ -1,17 +1,16 @@
#!/bin/bash
# Run a docker command-line string in the right context for the install mode.
# rootless -> as the docker install user (owns the rootless daemon + socket)
# rooted -> as the manager (in the docker group, talks to the root socket
# directly — no sudo)
dockerCommandRun()
{
local command="$1"
local type="$2" # sudo
if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
dockerCommandRunInstallUser "$command"
elif [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then
if [[ $type == "sudo" ]]; then
sudo bash -c "$command"
else
bash -c "$command"
fi
bash -c "$command"
fi
}
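Review bot: The header comment presents rooted mode as "no sudo", but membership of the docker group on a root daemon is root-equivalent, and `bash -c "$command"` shell-evaluates whatever string the caller built. I would state that in the header, e.g. `# NOTE: docker-group access to the root socket is root-equivalent; "$command" is evaluated by bash, so callers must never interpolate untrusted values into it.` Separately, an unrecognised `CFG_DOCKER_INSTALL_TYPE` matches neither branch and returns success without running anything; an `else isError "Unknown docker install type."; return 1` arm would make that visible.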


@ -153,7 +153,7 @@ databaseSSHScanForKeys()
local ssh_directory="$ssh_dir$CFG_DOCKER_MANAGER_USER"
# Check if sqlite3 is available
if ! command -v sudo sqlite3 &> /dev/null; then
if ! command -v sqlite3 &> /dev/null; then
isNotice "sqlite3 command not found. Make sure it's installed."
fi